Tuesday, 25 April 2017

There was a recent directive from Uganda communications commission calling upon Ugandans to re-register their simcards this time using their National IDs. According to new vision, Ugandans were given seven days at first from a date not communicated to do so or else face disconnection. However the deadline has been pushed to 19th, May 2017.

MTN and I think Airtel as such sent out SMSs to customers me inclusive informing us to dial *197*3# to send our national ID Number plus given name and surname found on the IDs. This sounded as a big relief, saving us from queuing at service centers and having to travel back to Uganda to just finish this exercise for especially people like me that currently reside in a neighboring country.

For me,I do not have a national ID so I was looking around for a place to register for one. As I meditated on this disruption, because I mean UCC should have ensured National IDs came first before enforcing sim registration in the first place. This redundancy means time wastage that customers are facing for someone not thinking ahead of the dice.

According to my research getting a National ID now involves a couple of checks including signatures from Local council who will add more drama by making us pay money to just get a signature and a stamp (some do).. we are desperate after all. If I can approximate getting your National ID may take you 3 months. I had resolved to stick with my Kenyan simcards since at least in Kenya they registered my simcards using my Passport.. easier right!!!! I just do not get the logic why a passport is recognized worldwide and all of a sudden not recognized in your own country.....

Curiosity got me all of a sudden and I got curious about this *197*3# system. I was testing its authenticity. So I dialed the short code and tried to send someone else's National Id number with the other person's names and guess what... I got a success message telling me my simcard had been successfully registered. It did not even do any static name matching between my old registered name and the names I sent through. I did not plan to do something unauthentic I work with systems and always try to see if there are loop holes. Being a programmer this is natural.We do this as Quality assurance so that we do not roll out half baked systems or if it is someone else's system to help them find bugs they may have not taken care of. With that said help me reverse this!!!! It was a test.

However what does this mean? It means if telecoms can roll out a system to users where they are collecting such critical information with such errors there is need to worry about the information they are collecting from us. That means data is going in wrong hands.

This an integrity problem. People are going to use other people's IDs to register their simcards. Unless there is a silver bullet to burr people from using IDS that are not theirs, then you will track the wrong people down for a crime they have not committed. This is two way, to me as a customer to ensure I do actually use my own authentic details but I mean criminals loose nothing to impersonate someone else while registering their simcards using this convenient but wrong current way.

Data is almost the current and future currency. People all over are getting data and using it to get insight , tighten security among others. I believe the country is putting such measures for the same reasons and using telecoms because they have organized access to most people in this country. However with such great and sensitive data comes a lot of responsibility. I say again responsibility.

What am saying is if telecoms can use a flawed system to collect our sensitive information then I can not trust you to use authentic and secure systems to give it to the right parties period!!!! I will not register my simcards until you show me you are capable of securing my data!!!.

To handle this data you need a lot of security, performance (speed) as it grows and the integrity to ensure you do not dish out our details the wrong way. We will begin from first principles of authenticity and integrity. It is better to delay a project than rush and risk our data.

Now this is a hard one to solve unless you control the registration process to ensure the National ID number used actually belongs to the person registering. This happens well if it is a manual process done by agents who can examine the ID details and the physical person registering at least for now. We better go manual than risk the integrity of the data you are collecting.

In the long run call innovators from outbox Uganda and Innovation Village kampala to help you get a more digital solution if you need it anyway. For God and My country.